Setup a Hacking lab

One of main problems I found when starting to hack was finding vulnerable targets to attack and hone your skills, these targets can be anything from virtual machines to repurposed hardware.

You can then take these skills you have learnt and use them in the wild with a better understanding of what your actually doing and if you break any thing its no bother, you can just quickly restore from a snapshot or just re-format the box.

So go dig out your old equipment and lets start making our lab.

Virtual Machines

If you have a powerful PC (a computer with minimum of 4GB RAM) you should be able to run a few virtual machines in your test lab at the same time.

The amount of virtual machines you can run simultaneously comes down to how much memory you have installed in the host machine and how much you have assigned for each virtual machine, as this is only a lab each virtual machine really only needs the bare minimum to run, but if you find the virtual machine is slow and totally unusable the virtualization software makes it so easy to tweak the settings.

The three most common free virtualization software:

Oracle VirtualBox
(Open source and can be used on all platforms windows, Linux or mac and is what I will be using in all my tutorials)

VMware Player
(also works on all platforms but you need to register or create a free account with VMware before you can download it)

You need to make sure you supply enough memory to your host and guest operating systems otherwise you will get all sorts of crashes and system failures. Use the guide below to aid you in deciding the amount of RAM needed for each Virtual Machine.

Repurposed Hardware

Got a 10 year old pc that has been sitting in a cupboard for the past 4 years, moved from ADSL to Fiber and you still got the old router, you can use it all.

Same as with the virtual machines its only a test environment so they don’t need to be the fastest machines, they just need to still work and be able to run an operating system, even if say “the hard disk is dead” in a old laptop you can run a windows or Linux live boot CD/USB which will just run from memory with no need of a hard disk giving you a perfectly working machine.

Old routers you can make them into WIFI access points, which you can try different techniques to attack without the worry of getting caught, or even attack the access point and check to see what sort of logs are generated during the attack, so you would then know if it was happening to you.

If your not like me and have bits of old tech all over the place, you can quite cheaply pick up old technology on ebay that people just want to get rid of.

Kali 2.0

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools aimed at various information security tasks, such as Penetration Testing, Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Download play with all the preinstalled tools, but remember its just a Linux distro and you can just as easily install the tools into another distro of Linux. If you have never used Linux before I would suggest getting to grips with Mint or Ubuntu first. what a lot of people starting out do is try and run kali as a host OS and its not really designed for that.

Metasploitable

Metasploitable is a vulnerable virtual machine based on Ubuntu that is released by the Metasploit team in a order to solve your problem in learning the Metasploit framework. It focuses on network-layer vulnerabilities because it contains vulnerable services for you to hack.

Once you have downloaded the VM, extract the zip file. open vmdk using virtualbox and power it on. after a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin

Never expose this Virtual Machine to an untrusted network, use Nat or Host-only mode!

Making a Vulnerable Windows Environment

Once you fire up a few Windows Virtual machines, you may want to install older versions of software so that you can test exploits of known vulnerabilities. Most software providers don’t include older versions of their software on their sites, luckily you can download these at www.oldapps.com

After you have installed your software, make sure you open the relevant ports or disable the windows firewall and UAC (User Account Control).

Post navigation

4 thoughts on “Setup a Hacking lab”

Exposing ports on your maker can result in a system compromise causing lost data, and perhaps identity theft. A port scan of your very own system can reveal you precisely what an enemy sees and what sort of action you need to take to avoid an attack on your system.

Ross Great comment, I would suggest that you scan your network periodically to keep check on every thing that is connected to your network, also took a look at your site which is actually pretty well laid out maybe we can collaborate at some point.